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Amendments to the Claims: 

This listing of claims will replace all prior versions and listings of claims in the application. 
Listing of Claims; 

1 . (Original) A method in a computer system for identifying a principal 
associated with a first object comprising: 

maintaining in the first object identity information identifying the principal; 
invoking a method in an API with the identity information as an argument, 
under control of the method, 

searching a principal data store for principal data identified by the identity 
information; 

instantiating a principal object having principal data identified by the 
identifying information; and 

returning a pointer to the principal object or, 

if more than one principal is found in the data store having the principal 
data, returning an error. 

2. (Original) The method of claim 1 wherein the identity information is an identity 
reference identifying an identity claim of the principal and invoking comprises: 

invoking the findbyidentity method in a principal API exposed by the principal 
data store with the identity reference as an argument. 



3. (Original) The method of claim 1 wherein the identity information is an identity 
reference identifying an identity claim of the principal and invoking comprises: 

invoking a findbyidentity method in a principal API exposed by the principal data 
store with the ItemContext as a first argument, and identity reference as a second 
argument; and 

under control of the findbyidentity method, 

searching a principal data store identified by the ItemContext argument for 
a principal having the identity claim; 
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instantiating a principal object for the principal having the identity claim; 
returning a pointer to the principal object; or, 

if more than one principal is found in the data store, returning an error. 

4. (Original) The method of claim 1 wherein the identity information is an identity 
reference identifying an identity claim of the principal, the identity reference having an identity 
claim value and scheme, and invoking comprises: 

invoking a findbyidentity method with the identity claim value and scheme as 
arguments; and 

under control of the findbyidentity method, 

searching a principal data store for a principal having the identity claim 
value and scheme; 

instantiating a principal object for the principal having the identity claim 
value and scheme; 

retuming a pointer to the principal object; or, 

if more than one principal is found in the data store having the identity 
claim value and scheme, retuming an error. 

5. (Original) The method of claim 1 wherein the identity information is an identity 
reference identifying an identity claim of the principal, the identity reference having an identity 
claim value and scheme, and invoking comprises: 

invoking a findbyidentity method with the identity claim value as an argument; 

and 

under control of the findbyidentity method, 

searching a principal data store for a principal having the identity claim 
value with any scheme; 

instantiating a principal object for the principal having the identity claim 
value and scheme; 

retuming a pointer to the principal object; or, 

if more than one principal is found in the data store having the identity 
claim value and scheme, retuming an error. 
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6. (Original) The method of claim 1 wherein the identity information is an identity 
reference identifying an identity claim of the principal, the identity reference having an identity 
claim value and scheme, and invoking comprises: 

invoking a findbyidentity method with the identity claim value and scheme and a 
principal type as arguments, the findbyidentity method in an application progranmiing 
interface of the first object; and 

under control of the findbyidentity method, 

searching a principal data store for a principal of the principal type that 
also has the identity claim value and scheme; 

instantiating a principal object of the principal type, the principal object 
having the identity claim value and scheme; and 

returning a pointer to the principal object; or, 

if more than one principal is found in the data store having the identity 
claim value and scheme, returning an error. 

7. (Original) The method of claim 1 wherein the first object is an identity reference 
object having an identity reference and invoking comprises: 

invoking a findbyidentity method with the identity reference, the findbyidentity 
method in an application programming interface of the first object; and 
under control of the findbyidentity method, 

searching a principal data store for a principal identified by the identity 
reference; 

instantiating a principal object for the principal identified by the identity 
reference; and 

returning a pointer to the principal object; or, 

if more than one principal is found in the data store having the identity 
claim value and scheme, returning an error. 

8. (Original) The method of claim 1 further comprising: 
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storing in the principal data store, principal data including at least one identity 
claim for every principal known to the computer system. 

9. (Original) The method of claim 1, wherein the principal object includes at least one 
identity claim object, and the principal object and identity claim object expose application 
progranmiing interfaces that have the findbyidentity method. 

10-13. Cancelled 

14. (Original) A computer program product readable by a computing system and 
encoding a computer program of instructions for executing a computer process for identifying a 
principal, said computer process comprising: 

maintaining in the first object identity information identifying the principal; 
invoking a method in an API with the identity information as an argument, 
under control of the method, 

searching a principal data store for principal data identified by the identity 
information; 

instantiating a principal object having principal data identified by the 
identifying information; and 

returning a pointer to the principal object or, 

if more than one principal is found in the data store having the principal 
data, returning an error. 

15. (Original) The computer program product of claim 14 wherein the identity 
information is an identity reference identifying an identity claim of the principal and invoking 
comprises: 

invoking the findbyidentity method in a principal API exposed by the principal 
data store with the identity reference as an argument. 
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16. (Original) The computer program product of claim 14 wherein the identity 
information is an identity reference identifying an identity claim of the principal and invoking 
comprises: 

invoking a fmdbyidentity method in a principal API exposed by the principal data 
store with the identity reference as a first argument, and an ItemContext as a second 
argument; and 

under control of the findbyidentity method, 

searching a principal data store identified by the ItemContext argument for 
a principal having the identity claim; 

instantiating a principal object for the principal having the identity claim; 
returning a pointer to the principal object; or, 

if more than one principal is found in the data store, returning an error. 

17. (Original) The computer program product of claim 14 wherein the identity 
information is an identity reference identifying an identity claim of the principal, the identity 
reference having an identity claim value and scheme, and invoking comprises: 

invoking a fmdbyidentity method with the identity claim value and scheme as 
arguments; and 

under control of the fmdbyidentity method, 

searching a principal data store for a principal having the identity claim 
value and scheme; 

instantiating a principal object for the principal having the identity claim 
value and scheme; 

returning a pointer to the principal object; or, 

if more than one principal is found in the data store having the identity 
claim value and scheme, returning an error. 

18. (Original) The computer program product of claim 14 further comprising: 

storing in the principal data store, principal data including at least one identity 
claim for every principal known to the computer system. 
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19. (Original) The computer program product of claim 17, further comprising: 
independently selecting a property from the principal data to be an identity claim, the 

property uniquely identifying the principal and distinguishing it from all other principals known 

to the computer system. 

20-35. Cancelled 
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